IDaaS acts as an identity provider (IdP) and supports three standard single sign-on (SSO) protocols: OpenID Connect (OIDC), SAML 2.0, and OAuth 2.0. Any application that supports these protocols can integrate with IDaaS without custom development.
Choose a protocol
Use the following table to select the right protocol for your application.
| Protocol | Published | Best for | Key details |
|---|---|---|---|
| OIDC | 2014 | Modern web, mobile, or API-based applications that need both authentication and authorization | Provides the best configuration, integration experience, and performance in modern identity systems. Adds an id_token (JWT format) on top of OAuth 2.0. Covers both authentication and authorization. In IDaaS, OIDC replaces the need for a separate OAuth 2.0 integration. |
| SAML 2.0 | 2005 | Enterprise B2B applications with existing SAML support, especially workforce identity and federation scenarios | The most widely deployed SSO protocol. XML-based, which makes it less adaptable in some edge scenarios. Supported by most mature enterprise applications. |
| OAuth 2.0 | 2012 (RFC 6749) | Authorization delegation — granting applications access to resources on a user's behalf | Distinguishes between an authorization server (AS) and a resource server (RS). Lightweight and flexible. Common use cases include logging on with WeChat or scanning a QR code to log on with DingTalk. If your application also needs to authenticate users, use OIDC instead — OIDC includes all OAuth 2.0 capabilities. |
| CAS | 2013 | — | Central Authentication Service (CAS) 3.0, developed by Yale University. Support is planned for a future version. |
OIDC and OAuth 2.0
OAuth 2.0 handles authorization (access to resources). OIDC extends OAuth 2.0 to add user authentication — the key difference is the id_token returned in an OIDC flow. In IDaaS, OIDC covers both authentication and authorization, so a separate OAuth 2.0 integration is not required.
If your application needs authentication, use OIDC.
Why standard protocols
Supporting standard protocols benefits both application vendors and their customers:
No vendor lock-in. Customers can choose any compatible identity provider — not just one tied to a specific vendor's account system.
Proven security. Standard protocols go through a rigorous specification process and cover a wide range of threat scenarios. Self-developed authentication carries a higher risk of security vulnerabilities.
Broad compatibility. Standard protocol support is a baseline indicator of enterprise application maturity. It enables out-of-the-box integration with IDaaS and other IdPs.
Add a standard protocol application
Go to Applications and click Add Application.
Select the Standard Protocols tab.
Select a SAML 2.0 application or an OIDC application based on the protocol your application supports.
Click Add Application to start the configuration.
To verify that an application supports standard SSO protocols, search for "<application name> single sign-on" or "<application name> SSO" in a search engine or the application's documentation.
List your application in the Application Marketplace
If you are an enterprise application vendor and want to integrate with standard protocols, contact us for assistance. After integration, we can list your application in the Application Marketplace so other IDaaS customers can discover and use it.
To submit a request, use the IDaaS application request form.